Categories: SecurityWorkspace

Adobe Reader X Flaw ‘Being Sold On Black Market For $50k’

Cyber crooks are thought to be selling a zero-day vulnerability in Adobe Reader X and packaging it up in the most prevalent exploit kit in the world – Blackhole.

Russian firm Group-IB claimed to have confirmed the Adobe Reader flaw earlier this week, and reports have suggested that the flaw is fetching between $30,000 and $50,000 on the black market. As the Blackhole Exploit Kit is being used, some suspect the flaw is being used to serve up banking malware to unsuspecting Internet users.

Blackhole kits are typically thrown up at users from infected websites, in what are known as drive-by download attacks. All it requires is an iFrame to be read by the target’s browser.

Another Adobe flaw

As noted by Group-IB, however, the vulnerability can only be exploited after a user closes and then reopens the browser. The company did not explain why that was the case.

“Another variant is to organise interaction between the victim and the malformed PDF document. Either way, the vulnerability … has [a] very significant vector to be spread with bypassing of internal Adobe X sandbox, which is appealing for cyber crime gangs because in the past there was no documented method of how to bypass it with shellcode execution,” said Andrey Komarov, head of the international projects department at Group-IB.

Adobe said it is now in contact with Group-IB and is hoping to learn more from the Russian firm to determine whether the flaw was genuine.

“We are aware of the announcement from Group IB and have reached out to Group IB for additional information. We are now in communication with Group IB so we can make a determination whether or not this is in fact a vulnerability and a sandbox bypass,” a spokesperson told TechWeekEurope.

“Without additional details, and in particular a sample, there is nothing we can do, unfortunately, beyond continuing to monitor the threat landscape and working with our partners in the security community, as always. We will update you as soon as we have new information and a determination can be made.”

The company has had to deal with various vulnerabilities in its software over recent months, but has received plaudits for its quick response to found flaws.

In September, it was working with close partner Microsoft to patch vulnerabilities in Flash Player for Windows 8. However, in August, Google researchers warned that Adobe had left patches for 16  serious flaws out of its Reader update, which could have left users open to attack.

Are you a security expert? Find out with our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Apple Sales Rise 6 Percent After Early iPhone 16 Demand

Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…

24 hours ago

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago